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RECEIVED 
CENTRAL RAX CENTS) 

Listing of Claims NOV 1 7 2008 

This listing of claims 1-2 will replace all prior versions, and listing of claims in the 
application. 

1. (Currently Amended) A method of detecting malicious scripts using code 
insertion technique, comprising the step of: 

checking values related to each sentence belonging to call 
sequences by using method call sequence detection based on rules 
including matching rules and relation rules, 

wherein said matc hing rules comprise genera? script 
sentences and further I nclude a variable string: and 

wherein said relation rules are comprised of condition phrases 
and action phrases and wherein the action phrases are executed 
when the conditio ns of the condition phrase are satisfied, wherein 
said condition phrases are comprised of at least one condition 
expression for ch ecking whether one of: fa) a rule has already been 
satisfied, (b) s pecific variable values of two rules are equal to each 
other, or (c) one of the specific variable values is included in the 
other value; and 

wherein the checking step comprises the steps of: 

liLinserting a self-detection routine (malicious behavior 
detection routine) call sentence before and after a method call sentence of 
an original script; and 

£ii) detecting the malicious codes during execution of the 
script through a self-detection routine inserted into the original script. 

2. (Currently Amended) The method according to claim 1 , wherein the self- 
detection routine call sentence is generated by a script transformer 
which transforms an orig inal script including method call sentences 
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into a script capable of contin uously performing the self-detection 
during execution thr ough the method call sequence based on the 
detection rules an d the self-detectton routine. 

wherein the self-dete ction routine is composed of sentenc.es for 
storing parameters and return values and calling a detection engine, said 
sentences being inserted before and after the method call sentence when 
the method call sentence matches with contents described in the matching 
rule, and 

wherein the self-detection routine includes a rule-based detection 
engine for executing the relation rule related to a relevant matching rule 
when a method corresponding to the matching rule is called and detecting 
the presence of malicious behavior of the method call sequence, and 
methods for causing the parameters and return values of the method call 
sentence satisfying the matching rule to be stored into a buffer usable by 
the detection engine. 

3. (New) The method according to claim 1, further comprising selecting one 
rule as a higher level rule, representative of all relation rules in a set of 
relation rules. 

4. INIewN Tho me»thr\rl 




